{"id":13389845,"url":"https://github.com/rabbitmask/WeblogicScan","last_synced_at":"2025-03-13T14:32:03.753Z","repository":{"id":41176492,"uuid":"173846409","full_name":"rabbitmask/WeblogicScan","owner":"rabbitmask","description":"Weblogic一键漏洞检测工具，V1.5，更新时间：20200730","archived":false,"fork":false,"pushed_at":"2023-05-22T23:33:35.000Z","size":804,"stargazers_count":2215,"open_issues_count":9,"forks_count":406,"subscribers_count":48,"default_branch":"master","last_synced_at":"2025-03-08T08:56:59.518Z","etag":null,"topics":["weblogicscan"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rabbitmask.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-03-05T00:57:22.000Z","updated_at":"2025-03-05T17:12:54.000Z","dependencies_parsed_at":"2022-08-10T01:43:00.788Z","dependency_job_id":"693bb024-8a32-4c89-b240-827ad172fd06","html_url":"https://github.com/rabbitmask/WeblogicScan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmask%2FWeblogicScan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmask%2FWeblogicScan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmask%2FWeblogicScan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmask%2FWeblogicScan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rabbitmask","download_url":"https://codeload.github.com/rabbitmask/WeblogicScan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242847832,"owners_count":20194969,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["weblogicscan"],"created_at":"2024-07-30T13:01:35.477Z","updated_at":"2025-03-13T14:32:03.153Z","avatar_url":"https://github.com/rabbitmask.png","language":"Python","funding_links":[],"categories":["Python (1887)","其他_安全与渗透","Python"],"sub_categories":["网络服务_其他"],"readme":"\u003cdiv align=center\u003e\u003cimg src=WeblogicScan.jpg width=\"60%\"\u003e\u003c/div\u003e\n\n# WeblogicScan\nWeblogic一键漏洞检测工具，V1.5\n```\n软件作者：Tide_RabbitMask\n免责声明：Pia!(ｏ ‵-′)ノ”(ノ﹏\u003c。)\n本工具仅用于安全测试，请勿用于非法使用，要乖哦~\n\nV 1.5功能介绍：\n提供一键poc检测，收录几乎全部weblogic历史漏洞。\n详情如下：\n\n    #控制台路径泄露\n    Console  \n    \n    #SSRF：\n    CVE-2014-4210      \n    \n    #JAVA反序列化\n    CVE-2016-0638  \n    CVE-2016-3510   \n    CVE-2017-3248   \n    CVE-2018-2628 \n    CVE-2018-2893\n    CVE-2019-2725\n    CVE-2019-2729\n    CVE_2019_2890\n    \n    #任意文件上传\n    CVE-2018-2894   \n    \n    #XMLDecoder反序列化\n    CVE-2017-3506\n    CVE-2017-10271 \n    \nV 1.1 更新日志:\n    删减全部EXP\n    删减POC:CVE-2015-4852\n    新增POC:CVE-2017-10271,CVE-2019-2725,CVE-2018-2894\n    新增日志功能\n    全新交互模式\n    全新名称、Banner\n\nV 1.2 更新日志:\t\n    新增离线依赖安装模式，满足内网测试需求：\n    即新增文件夹:/whl/\n    Usage：python3 install.py\n\nV 1.3 更新日志:\t\n    全新支持Python3\n    重写POC:CVE-2019-2725\n    新增POC:CVE-2019-2729\n\nV 1.4 更新日志:\t[20200729]\n    新增POC:CVE_2019_2890\n    全新框架设计，高度封装与拟人化\n    舍弃离线安装模块\n    重点修复：从根本上解决脚本异常卡死问题（不同目标版本的异常通信造成）\n    重点升级：从根本上解决脚本漏报误报问题（部分原因由py2-\u003epy3升级造成）\n    # Not End：\n    话说大家一直好奇其它同类型工具增加的CVE-2020-* 为什么一直没有在这里出现。\n    其实相关的漏洞利用链以及最新的EXP我都有自己去复现或自己去写，手头也差不多是全的，\n    但是如何把他们去靠谱的自动化集成一直是个问题，很多公开利用链是依赖ldap或没有回显可供正则的。\n    :) 至于1.4高度封装与框架重新设计的目的，V1.5批量版本近期更新，敬请期待。\n\nV 1.5 更新日志:\t[20200730] [快不快？/嚣张脸:)]\n    新增模块:Whoareu,基于T3的目标版本精确识别\n    重点升级：增加批量扫描功能,智能兼容默认端口或自定义端口\n    仅打印检测成功的内容，更多内容详见weblogic.log日志    \n```\nSoftware using Demo:\t\n===\n```python WeblogicScan.py -h```\n```\n__        __   _     _             _        ____\n\\ \\      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __\n \\ \\ /\\ / / _ \\ '_ \\| |/ _ \\ / _` | |/ __| \\___ \\ / __/ _` | '_ \\\n  \\ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |\n   \\_/\\_/ \\___|_.__/|_|\\___/ \\__, |_|\\___| |____/ \\___\\__,_|_| |_|\n                             |___/\n                             By Tide_RabbitMask | V 1.5\n\nWelcome To WeblogicScan !!!\nWhoami：https://github.com/rabbitmask\nusage: WeblogicScan.py [-h] [-u IP] [-p PORT] [-f FILE]\n\noptional arguments:\n  -h, --help  show this help message and exit\n\nScanner:\n  -u IP       target ip\n  -p PORT     target port\n  -f FILE     target list\n```\n```python WeblogicScan.py -u 127.0.0.1 -p 7001```\n```\n__        __   _     _             _        ____\n\\ \\      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __\n \\ \\ /\\ / / _ \\ '_ \\| |/ _ \\ / _` | |/ __| \\___ \\ / __/ _` | '_ \\\n  \\ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |\n   \\_/\\_/ \\___|_.__/|_|\\___/ \\__, |_|\\___| |____/ \\___\\__,_|_| |_|\n                             |___/\n                             By Tide_RabbitMask | V 1.5\n\nWelcome To WeblogicScan !!!\nWhoami：https://github.com/rabbitmask\n[*] =========Task Start=========\n[+] [127.0.0.1:7001] Weblogic Version Is 10.3.6.0\n[+] [127.0.0.1:7001] Weblogic console address is exposed! The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp\n[+] [127.0.0.1:7001] Weblogic UDDI module is exposed! The path is: http://127.0.0.1:7001/uddiexplorer/\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638\n[-] [127.0.0.1:7001] weblogic not detected CVE-2016-3510\n[-] [127.0.0.1:7001] weblogic not detected CVE-2017-10271\n[-] [127.0.0.1:7001] weblogic not detected CVE-2017-3248\n[-] [127.0.0.1:7001] weblogic not detected CVE-2017-3506\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893\n[-] [127.0.0.1:7001] weblogic not detected CVE-2018-2894\n[-] [127.0.0.1:7001] weblogic not detected CVE-2019-2725\n[-] [127.0.0.1:7001] weblogic not detected CVE-2019-2729\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890\n[*] ==========Task End==========\n```\n```python WeblogicScan.py -f target.txt```\n```\n__        __   _     _             _        ____\n\\ \\      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __\n \\ \\ /\\ / / _ \\ '_ \\| |/ _ \\ / _` | |/ __| \\___ \\ / __/ _` | '_ \\\n  \\ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |\n   \\_/\\_/ \\___|_.__/|_|\\___/ \\__, |_|\\___| |____/ \\___\\__,_|_| |_|\n                             |___/\n                             By Tide_RabbitMask | V 1.5\n\nWelcome To WeblogicScan !!!\nWhoami：https://github.com/rabbitmask\n[*] ========Task Num: [2]========\n[*] =========Task Start=========\n[+] [127.0.0.1:7001] Weblogic Version Is 10.3.6.0\n[+] [172.19.19.19:7001] Weblogic Version Is 10.3.6.0\n[+] [127.0.0.1:7001] Weblogic console address is exposed! The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp\n[+] [172.19.19.19:7001] Weblogic console address is exposed! The path is: http://172.19.19.19:7001/console/login/LoginForm.jsp\n[+] [127.0.0.1:7001] Weblogic UDDI module is exposed! The path is: http://127.0.0.1:7001/uddiexplorer/\n[+] [172.19.19.19:7001] Weblogic UDDI module is exposed! The path is: http://172.19.19.19:7001/uddiexplorer/\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638\n[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638\n[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893\n[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893\n[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890\n[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890\n[*] ==========Task End==========\n```\n``` \n# Demo target.txt (端口默认为7001)\n\n127.0.0.1:7001\n192.168.1.1\n192.168.1.1:80\n```\n``` \n# Demo Weblogic.log\n\n2020-07-30 14:15:48,266 [+] [127.0.0.1:7001] Weblogic Version Is 10.3.6.0\n2020-07-30 14:15:48,267 [+] [172.19.19.19:7001] Weblogic Version Is 10.3.6.0\n2020-07-30 14:15:48,276 [+] [127.0.0.1:7001] Weblogic console address is exposed! The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp\n2020-07-30 14:15:48,314 [+] [172.19.19.19:7001] Weblogic console address is exposed! The path is: http://172.19.19.19:7001/console/login/LoginForm.jsp\n2020-07-30 14:15:48,376 [+] [127.0.0.1:7001] Weblogic UDDI module is exposed! The path is: http://127.0.0.1:7001/uddiexplorer/\n2020-07-30 14:15:48,393 [+] [172.19.19.19:7001] Weblogic UDDI module is exposed! The path is: http://172.19.19.19:7001/uddiexplorer/\n2020-07-30 14:16:01,584 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638\n2020-07-30 14:16:01,598 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638\n2020-07-30 14:16:14,800 [-] [127.0.0.1:7001] weblogic not detected CVE-2016-3510\n2020-07-30 14:16:14,802 [-] [172.19.19.19:7001] weblogic not detected CVE-2016-3510\n2020-07-30 14:16:14,818 [-] [127.0.0.1:7001] weblogic not detected CVE-2017-10271\n2020-07-30 14:16:14,821 [-] [172.19.19.19:7001] weblogic not detected CVE-2017-10271\n2020-07-30 14:16:28,031 [-] [127.0.0.1:7001] weblogic not detected CVE-2017-3248\n2020-07-30 14:16:28,035 [-] [172.19.19.19:7001] weblogic not detected CVE-2017-3248\n2020-07-30 14:16:28,041 [-] [172.19.19.19:7001] weblogic not detected CVE-2017-3506\n2020-07-30 14:16:28,048 [-] [127.0.0.1:7001] weblogic not detected CVE-2017-3506\n2020-07-30 14:16:51,253 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628\n2020-07-30 14:16:51,261 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628\n2020-07-30 14:17:04,466 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893\n2020-07-30 14:17:04,471 [-] [127.0.0.1:7001] weblogic not detected CVE-2018-2894\n2020-07-30 14:17:04,609 [-] [127.0.0.1:7001] weblogic not detected CVE-2019-2725\n2020-07-30 14:17:06,381 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893\n2020-07-30 14:17:06,385 [-] [172.19.19.19:7001] weblogic not detected CVE-2018-2894\n2020-07-30 14:17:06,553 [-] [172.19.19.19:7001] weblogic not detected CVE-2019-2725\n2020-07-30 14:17:06,649 [-] [127.0.0.1:7001] weblogic not detected CVE-2019-2729\n2020-07-30 14:17:08,591 [-] [172.19.19.19:7001] weblogic not detected CVE-2019-2729\n2020-07-30 14:17:19,854 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890\n2020-07-30 14:17:21,805 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890\n```\n\n##### Thanks for the support from [JetBrains](https://www.jetbrains.com/?from=WeblogicScan).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frabbitmask%2FWeblogicScan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frabbitmask%2FWeblogicScan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frabbitmask%2FWeblogicScan/lists"}